CIO OPINION
CISOs need to prepare for disruptions caused by AI in 2025
Top cyber security executives from BeyondTrust , Qualys , OPSWAT , Cloudflare , Kaspersky , Tenable , Palo Alto Networks , share their insights , forecasts and predictions into 2025 and beyond , including how businesses and threat actors will return to narrow-AI use cases , why the fear of Generative AI catalysing a volume explosion in targeted attacks will not happen , how AI will impact the CISO ’ s role in years ahead and why CISOs should urgently shift focus to security transformation and remove vendors causing complexity , among other insights .
As 2025 dawns , the CISO must question the status quo and ask themselves how things need to change in the coming year . Is AI a risk that requires a new security strategy ? Could it also be the answer to facing down a threat landscape that is scaling up in terms of both volume and stealth capabilities ? Will AI replace security professionals or augment their efforts ?
CISOs ’ resolutions for 2025 will involve cultural shifts in risk management and collaboration between security and other functions , from IT to the C-suite . To do better , security leaders must focus on business-oriented measures backed by data , and holistic solutions that help target resources where they can make the greatest impact .
Businesses and threat actors will return to narrow-AI use cases
Morey Haber , Chief Security
Advisor , BeyondTrust
In cybersecurity , we know planning is everything . We know to be forewarned is to be forearmed . Meanwhile , AI is , in many respects , a boon to businesses but in the wrong hands has been feared to also be a bane . As we shall see , however , much of this fear has been unfounded . As the years progress , industry experts also continue to fret over the implications of quantum computing .
In 2025 , expect to see businesses return to more proven narrow-AI use cases to restore predictability to the ROI of AI projects . Automation and the upskilling of business functions are likely to be among the most common implementations . In parallel , we can expect threat actors , to minimise their costs , return to using narrow AI to soften entry barriers . The fear of Generative AI catalysing a volume explosion in targeted , bespoke attacks is therefore unfounded .
Cybersecurity investments will continue to favour multiple point solutions that do not play well together .
This will lead to detrimental effects on reporting and visibility , and security teams will bear the brunt , more gaps , more vectors , more paths to privilege .
October 2025 will see end-of-life announcements for Microsoft Windows 10 . Only the most recent machines , those that have both Secure Boot and TPM , trusted platform module will be eligible for Windows 11 upgrades , meaning everyone else will lose access to updates , including security patches . If this sounds like a recipe for vulnerability that is because it is .
Expect to see a fire sale of obsolete PCs in the second half of 2025 .
The forced obsolescence will be good news for the hardware market , however , especially ARM , which will see a volume shift to its mobile-friendly processors . Alternative OSes like Linux and Ubuntu will also benefit from organisations trying to minimise replacement costs .
46 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com